On Sat, 30 Aug 2008, Bastian Blank wrote:

> > Or you use only resolvers that you have a trusted (i.e. ipsec)
> > connection to and those need to have a complete axfr'ed zone.
>
> Then we can drop the whole ud-ldap thing and use centralized
> authentication.

Um. I don't see why that follows. I don't think it matters however. :)
ipsec/stunnel etc. aren't the solution.

> > > > What other options did we forget?
> > >
> > > - Setup Kerberos, allow it as an additional ssh login variant
> >
> > Circumvents the entire idea behind this exercise: Assuming an attacker
> > already has control over one host we want to make it as hard as possible
> > for them to jump to other hosts.
>
> Nope. It is the same as ssh with key auth. Anything an attacker can
> get is a short-term secret in the form of a forwarded ticket. The service
> ticket itself is useless for anything else than the direct connection
> between the user and the server.

But it allows them to get a shell on the target server. Even if only for
a short term[1]. This means we lose.

1. And more likely the user will fetch a full TGT on the source host when
   they want to copy stuff to another host since the default mode of login
   will probably stay ssh keys.

-- 
                           |  .''`.  ** Debian GNU/Linux **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/
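An added example, not part of this thread: a small audit script that parses MIT Kerberos `klist -f` output (constructed sample; MIT's flag letters and US date format are assumed) and reports whether a credential cache sitting on a host holds only service tickets, which are useless beyond the one server they name, or a TGT (forwarded or fetched locally), which is the case that lets someone who takes the cache reach other hosts.

```python
import re

# Constructed sample of MIT Kerberos `klist -f` output (not from the thread).
# Flag letters as printed by MIT klist: F=forwardable, f=forwarded,
# R=renewable, I=initial, A=preauthenticated.
SAMPLE_KLIST = """\
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: user@EXAMPLE.ORG

Valid starting       Expires              Service principal
08/30/2008 10:00:00  08/30/2008 20:00:00  krbtgt/EXAMPLE.ORG@EXAMPLE.ORG
\tFlags: FfRA
08/30/2008 10:05:00  08/30/2008 20:00:00  host/target.example.org@EXAMPLE.ORG
\tFlags: FRA
"""

# One ticket line: start time, expiry, service principal (US date format
# assumed, as in the sample; adjust the pattern for other locales).
TIME = r"\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}"
ENTRY_RE = re.compile(rf"^({TIME})\s+({TIME})\s+(\S+)$")


def parse_klist(text):
    """Return [(service_principal, flags), ...] from `klist -f` output."""
    tickets = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            tickets.append([m.group(3), ""])
        elif line.strip().startswith("Flags:") and tickets:
            # The Flags line belongs to the ticket printed just above it.
            tickets[-1][1] = line.split(":", 1)[1].strip()
    return [tuple(t) for t in tickets]


def lateral_movement_risk(tickets):
    """Say what a copy of this cache would let someone do from another host.

    A krbtgt/ entry is a TGT: with it the KDC will issue service tickets for
    any other host, which is the situation the footnote above describes.
    Service tickets alone only open the one server they name.
    """
    tgt_flags = [f for p, f in tickets if p.startswith("krbtgt/")]
    return {
        "tgt_present": bool(tgt_flags),
        "tgt_forwarded": any("f" in f for f in tgt_flags),
        "tgt_forwardable": any("F" in f for f in tgt_flags),
        "service_only": [p for p, _ in tickets if not p.startswith("krbtgt/")],
    }


if __name__ == "__main__":
    print(lateral_movement_risk(parse_klist(SAMPLE_KLIST)))
```

Running it against `klist -f` output on a real host (instead of the sample) shows whether that host currently carries a TGT at all, which is the condition that matters for the jump-to-other-hosts argument.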